Serious Security Flaw

Yesterday, one of my technical support analysts uncovered a serious security flaw in ServiceDesk Plus.

He initiated a scan of a new workstation and configured the scan using the global credentials that are configured for scheduled scans. As expected, the username and password fields were populated. At this point he decided to view the source code of the page and was able to read the password in plain text!!

I see from the post of issues fixed in hotfix 7016 (see forums.adventnet.com/viewtopic.php?p=915661) that it fixes a security vulnerability, but I don't know if this is the same issue. I'd appreciate feedback from anybody who knows.

In the meantime, please be warned that this issue exists. OpManager 7 also has the same problem.

AdamB
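
A check for the condition described in the post above, as an added example that is not part of the original post or of ServiceDesk Plus: it parses a rendered page and reports form fields whose `value` attribute already carries a stored secret. The sample markup, field names and the name hints are constructed assumptions, and the hidden-field check goes beyond the password field the post describes.

```python
from html.parser import HTMLParser

# Constructed sample page (not ServiceDesk Plus markup): a scan form that the
# server has pre-filled with stored credentials before sending it to the browser.
SAMPLE_PAGE = """
<form action="/scan" method="post">
  <input type="text" name="username" value="scanadmin">
  <input type="password" name="password" value="Example-Passw0rd">
  <input type="PASSWORD" name="confirm" value="">
  <input type="password" name="new_password">
  <input type="hidden" name="snmp_password" value="public-example">
  <input type="hidden" name="csrf_token" value="abc123">
</form>
"""

# Assumed naming hints for hidden fields that hold a secret.
SECRET_HINTS = ("pass", "pwd", "secret")


class PrefilledSecretFinder(HTMLParser):
    """Collects <input> fields that ship a secret in their value attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        field_type = a.get("type", "text").lower()
        name, value = a.get("name", ""), a.get("value", "")
        if not value:
            return  # an empty field leaks nothing
        hinted = any(h in name.lower() for h in SECRET_HINTS)
        # type=password only masks the on-screen display; the value is still in the source.
        if field_type == "password" or (field_type == "hidden" and hinted):
            line, _ = self.getpos()
            # Record the length only, so the report does not repeat the secret.
            self.findings.append((line, field_type, name, len(value)))


def find_prefilled_secrets(html):
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, ftype, name, n in find_prefilled_secrets(SAMPLE_PAGE):
        print(f"line {line}: input type={ftype} name={name} ships a {n}-char value")
```
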






